
Side by Side Diff: net/socket/ssl_client_socket_nss.cc

Issue 8857002: net: split the SSL session cache between incognito and normal. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: ... Created 9 years ago
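--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived
 // from AuthCertificateCallback() in
 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
 
 /* ***** BEGIN LICENSE BLOCK *****
 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
@@ -443,42 +443,43 @@
 server_cert_nss_(NULL),
 server_cert_verify_result_(NULL),
 ssl_connection_status_(0),
 client_auth_cert_needed_(false),
 cert_verifier_(context.cert_verifier),
 ob_cert_xtn_negotiated_(false),
 origin_bound_cert_service_(context.origin_bound_cert_service),
 ob_cert_request_handle_(NULL),
 handshake_callback_called_(false),
 completed_handshake_(false),
+ssl_session_cache_shard_(context.ssl_session_cache_shard),
 eset_mitm_detected_(false),
 kaspersky_mitm_detected_(false),
 predicted_cert_chain_correct_(false),
 next_handshake_state_(STATE_NONE),
 nss_fd_(NULL),
 nss_bufs_(NULL),
 net_log_(transport_socket->socket()->NetLog()),
 ssl_host_info_(ssl_host_info),
 dns_cert_checker_(context.dns_cert_checker),
 next_proto_status_(kNextProtoUnsupported),
 valid_thread_id_(base::kInvalidThreadId) {
 EnterFunction("");
 }
 
 SSLClientSocketNSS::~SSLClientSocketNSS() {
 EnterFunction("");
 Disconnect();
 LeaveFunction("");
 }
 
 // static
-void SSLClientSocketNSS::ClearSessionCache() {
+void SSLClientSocket::ClearSessionCache() {
 // SSL_ClearSessionCache can't be called before NSS is initialized. Don't
 // bother initializing NSS just to clear an empty SSL session cache.
 if (!NSS_IsInitialized())
 return;
 
 SSL_ClearSessionCache();
 }
 
 void SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) {
 EnterFunction("");
@@ -1037,20 +1038,27 @@
 // field at the beginning. PRNetAddr has a two-byte address
 // family field at the beginning.
 peername.raw.family = ai->ai_addr->sa_family;
 
 memio_SetPeerName(nss_fd_, &peername);
 
 // Set the peer ID for session reuse. This is necessary when we create an
 // SSL tunnel through a proxy -- GetPeerName returns the proxy's address
 // rather than the destination server's address in that case.
 std::string peer_id = host_and_port_.ToString();
+// If the ssl_session_cache_shard_ is non-empty, we append it to the peer id.
+// This will cause session cache misses between sockets with different values
+// of ssl_session_cache_shard_ and this is used to partition the session cache
+// for incognito mode.
+if (!ssl_session_cache_shard_.empty()) {
+peer_id += "/" + ssl_session_cache_shard_;
+}
 SECStatus rv = SSL_SetSockPeerID(nss_fd_, const_cast<char*>(peer_id.c_str()));
 if (rv != SECSuccess)
 LogFailedNSSFunction(net_log_, "SSL_SetSockPeerID", peer_id.c_str());
 
 return OK;
 }
 
 
 // Sets server_cert_ and server_cert_nss_ if not yet set.
 void SSLClientSocketNSS::UpdateServerCert() {
@@ -2667,10 +2675,10 @@
 valid_thread_id_ = base::PlatformThread::CurrentId();
 }
 
 bool SSLClientSocketNSS::CalledOnValidThread() const {
 EnsureThreadIdAssigned();
 base::AutoLock auto_lock(lock_);
 return valid_thread_id_ == base::PlatformThread::CurrentId();
 }
 
 } // namespace net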
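Review bot: A failed `SSL_SetSockPeerID` is still only logged and the function returns `OK`, so in the hunk that appends the shard to `peer_id` a socket can go on to handshake without the shard in its session-cache key. The suffix is the only thing on this page that separates the incognito cache from the normal one, so the failure should be fatal when a shard is set, e.g. `if (rv != SECSuccess && !ssl_session_cache_shard_.empty()) return ERR_UNEXPECTED;` after the log call. The added comment could also say that a shard string must not be reused by a later incognito session: the only eviction visible here is `SSL_ClearSessionCache()`, which takes no shard argument, and whether callers guarantee unique shard values is not visible on this page. The enclosing function starts outside the hunk.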